DETAILED ACTION

1. This action is in response to communications filed August 28, 2008.

2. Claims 1-97 are pending in this application. Claims 1, 2, 6, 8, 9, 17, 25, 27, 28, 30, 33,
42, 51, 74, 82, and 90 are currently amended. Claims 3-5, 7, 10-16, 18-24, 26, 29, 31, 32, 34-41,
43-50, 52-73, 75-81, 83-89, and 91-97 have been previously presented.

3. This application claims priority to provisional application number 60/457,357 filed 
March 26, 2003. 

Claim Rejections - 35 USC §102 

4. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the
basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign country or in public use or on 
sale in this country, more than one year prior to the date of application for patent in the United States. 

5. Claims 1-97 are rejected under 35 U.S.C. 102(b) as being anticipated by Gardner 
(Pub. No. 2002/0013904). 

6. With respect to claims 1, 9, 17, 25, 33, 42 and 51, Gardner discloses an apparatus,
method and computer program product (paragraph [0025], lines 1-7) comprising: 

a processor configured to send and receive (paragraph [0039]), to and from a client 
(paragraph [0029], line 4, user), a set of a plurality of labels identifying a respective plurality of 
elements of an authentication matrix (paragraph [0026], whereby the "label" is anticipated by 
Gardner's "grid references" in line 4, and the "elements of an authentication matrix" are
anticipated by Gardner's "particular character"; note that Gardner's use of the terms "table" and 
"grid" throughout are, hereinafter, equated to the "matrix", see paragraph [0015], lines 3-7), the 
authentication matrix including a plurality of elements organized in one or more columns and 
rows each of which includes a respective header (paragraph [0055], lines 3-5), each element 
being identifiable by a label (paragraph [0027]) including a column header and row header that 
identifies the respective column and row of the element (paragraph [0055], lines 1-4), the set of 
labels including the column and row headers of the respective labels being unknown at the client 
until the set of labels is sent thereto (paragraphs [0061]-[0063], whereby the index within each
element [m3d2d1m1= Month 3rd, Date 2nd, Date 1st, Month 2nd] is unknown at the
client prior to the user being prompted),

wherein the processor is configured to receive a passcode (paragraph [0026], whereby the 
"passcode" is anticipated by Gardner's VPIN) from the client formulated based upon the 
elements identified by the received set of labels (paragraph [0027]), and wherein the processor is 
configured to authenticate the client based upon the formulated passcode (paragraph [0030]). 

7. With respect to claims 2, 10, 18, 26, 34, 43 and 52, Gardner discloses the apparatus and 
method according to claims 1, 9, 17, 25, 33, 42, and 51 respectively, wherein the processor is 
configured to send a set of labels (paragraph [0061]), receive a formulated passcode (paragraph 
[0095], lines 1-5) and authenticate the client a plurality of times (paragraph [0096], lines 5-9), 
and wherein the processor is configured to send each set of labels such that the sent set of labels 
differs from each previously sent set of labels (paragraph [0025], lines 1-10, the required VPIN
input code, which varies on each and every occasion of use). 



8. With respect to claims 3, 11, 19, 27, 35, 44, and 53, Gardner discloses the apparatus and
method according to claims 1, 9, 17, 26, 33, 42 and 51 respectively, wherein the processor is
configured to generate a passcode based upon elements selected from the authentication matrix 
(paragraph [0026]), wherein the processor is configured to send a set of labels identifying the 
selected elements (paragraph [0061]), and wherein the processor is configured to authenticate the 
client further based upon the generated passcode (paragraphs [0085-0086]). 



9. With respect to claims 4, 12, 20, 28, 36, 45, and 54, Gardner discloses the apparatus and 
method according to claims 3, 11, 19, 27, 35, 44 and 53 respectively, wherein the
processor is configured to provide, to the client, an authentication matrix stored in a database 
(paragraph [0046]), wherein the processor is configured to generate a passcode based upon 
elements selected from the authentication matrix stored in the database (paragraph [0085]), and 
wherein the processor is configured to receive a passcode formulated based upon elements of the 
authentication matrix provided to the client corresponding to the elements selected from the 
authentication matrix stored in the database (paragraphs [0045-0048]; Figure 2; paragraph 
[0086]). 



10. With respect to claims 5, 13, 21, 29, 37, 46 and 55, Gardner discloses the apparatus and 
method according to claims 4, 12, 20, 28, 36, 45, and 54 respectively, wherein the database is 
configured to store a plurality of authentication matrices (paragraphs [0049]-[0050]), each
authentication matrix associated with a different client (paragraphs [0049]-[0050]), wherein the 
processor is configured to provide, to the client being authenticated, an authentication matrix 
associated with the respective client (paragraphs [0049]-[0050]), and wherein the processor is 
configured to generate a passcode based upon elements selected from the authentication matrix 
stored in the database and associated with the respective client (paragraph [0038]). 

11. With respect to claims 6, 14, 22, 30, 38, 47 and 56, Gardner discloses the apparatus and
method according to claims 5, 13, 21, 29, 37, 46 and 55 respectively, wherein the processor is 
configured to receive at least one piece of identifying information associated with the client 
being authenticated (paragraph [0038], lines 1-4), and thereafter identify, from the plurality of 
authentication matrices stored in the database, the authentication matrix associated with the 
client being authenticated based upon the at least one piece of identifying information (paragraph 
[0038], lines 1-4), and wherein the processor is configured to generate a passcode based upon 
elements selected from the identified authentication matrix (paragraphs [0061]-[0062]). 

12. With respect to claims 7, 15, 23, 31, 40, 49, and 58, Gardner discloses the apparatus and
method according to claims 3, 11, 19, 27, 36, 45 and 54 respectively, the processor is configured 
to generate a passcode further based upon a personal identification number (PIN) associated with 
the client (paragraph [0042], lines 1-3), and wherein the processor is configured to receive a 
passcode formulated further based upon the PIN (paragraph [0027]). 

13. With respect to claims 8, 16, 24, 32, 41, 50 and 59, Gardner discloses the apparatus and
method according to claims 7, 15, 23, 31, 40, 49 and 58 respectively, wherein the processor is 
configured to generate a passcode including elements selected from the authentication matrix and 
the PIN in a variable position with respect to the selected at least one element (paragraph 
[0061]), wherein the processor being configured to receive a passcode formulated to include the 
identified elements and the PIN in the variable position with respect to the identified elements, 
and wherein the processor is configured to authenticate the client by identifying a match between 
the generated passcode and the formulated passcode (paragraphs [00070], [0074], and [0086]). 

14. With respect to claim 60, Gardner discloses the apparatus according to Claim 1, wherein 
the processor is configured to send a set of labels to the client in response to the client 
effectuating logging in, logging in including prompting the client for at least one piece of 
identifying information (paragraph [0041]), and receiving the at least one piece of identifying 
information from the client, the at least one piece of identifying information comprising a user 
name and a password (paragraph [0042]) associated with a client user. 

15. With respect to claim 61, Gardner discloses the apparatus according to Claim 6, wherein 
the at least one piece of identifying information received by the processor is capable of 
identifying the client to an organization independent of the authentication matrix associated with 
the client (paragraph [0097]; wherein an "organization" is anticipated by a Trusted Third Party 
acting as an administrator of the prior art system). 

16. With respect to claim 62, Gardner discloses the apparatus according to Claim 9, wherein
the processor is configured to receive a set of labels in response to the apparatus or user 
effectuating logging in, logging in including the apparatus or user being prompted for at least one 
piece of identifying information, and sending the at least one piece of identifying information, 
the at least one piece of identifying information comprising a user name and a password 
associated with a client user (paragraphs [0041-0042]). 

17. With respect to claim 63, Gardner discloses the apparatus according to Claim 14, wherein 
the at least one piece of identifying information sent by the processor is capable of identifying 
the apparatus or user to an organization independent of the authentication matrix associated with 
the respective apparatus or user (paragraph [0097]; wherein an "organization" is anticipated by a 
Trusted Third Party acting as an administrator of the prior art system). 

18. With respect to claim 64, Gardner discloses the method according to Claim 17, wherein 
sending a set of labels comprises sending a set of labels in response to effectuating logging in, 
logging in including prompting the client for at least one piece of identifying information, and 
receiving the at least one piece of identifying information, the at least one piece of identifying 
information comprising a user name and password associated with a client user (paragraphs 
[0041-0042]). 

19. With respect to claim 65, Gardner discloses the method of Claim 22, wherein receiving 
the at least one piece of identifying information comprises receiving at least one piece of 
identifying information capable of identifying the client to an organization independent of the
authentication matrix associated with the client (paragraph [0097]; wherein an "organization" is 
anticipated by a Trusted Third Party acting as an administrator of the prior art system). 

20. With respect to claim 66, Gardner discloses the computer program product according to 
Claim 25, wherein the first executable portion is configured to send a set of labels in response to 
effectuating logging in, logging in including prompting the client for at least one piece of
identifying information, and receiving the at least one piece of identifying information, the at 
least one piece of identifying information comprising a user name and a password associated 
with a client user (paragraphs [0041-0042]). 

21. With respect to claim 67, Gardner discloses the computer program product according to
Claim 30, wherein the at least one piece of identifying information received by the
sixth executable portion is capable of identifying the client to an organization independent of the 
authentication matrix associated with the client (paragraph [0097]; wherein an "organization" is 
anticipated by a Trusted Third Party acting as an administrator of the prior art system). 

22. With respect to claim 68, Gardner discloses the apparatus according to Claim 33, wherein 
the processor is configured to send a set of labels in response to effectuating logging in, logging 
in including prompting the client for at least one piece of identifying information, and receiving 
the at least one piece of identifying information, the at least one piece of identifying information 
comprising a user name and password associated with a client user (paragraphs [0041-0042]). 

23. With respect to claim 69, Gardner discloses the apparatus according to Claim 39, wherein
the at least one piece of identifying information received by the processor is capable of 
identifying the client to an organization independent of the authentication matrix associated with 
the client (paragraph [0097]; wherein an "organization" is anticipated by a Trusted Third Party 
acting as an administrator of the prior art system). 

24. With respect to claim 70, Gardner discloses the apparatus according to Claim 42, wherein 
the processor is configured to receive a set of labels in response to effectuating logging in, 
logging in including the apparatus or user being prompted for at least one piece of identifying 
information, and sending the at least one piece of identifying information, the at least one piece 
of identifying information comprising a user name and password associated with the user 
(paragraphs [0041-0042]). 

25. With respect to claim 71, Gardner discloses the apparatus according to Claim 48, wherein
the at least one piece of identifying information sent by the processor is capable of identifying 
the apparatus or user to an organization independent of the authentication matrix associated with 
the apparatus or user (paragraph [0097]; wherein an "organization" is anticipated by a Trusted 
Third Party acting as an administrator of the prior art system). 

26. With respect to claim 72, Gardner discloses the method according to Claim 51, wherein
sending a set of labels in response to effectuating logging in, logging in including prompting the 
client for at least one piece of identifying information, and receiving the at least one piece of
identifying information, the at least one piece of identifying information comprising a user name 
and password associated with a client user (paragraphs [0041-0042]). 

27. With respect to claim 73, Gardner discloses the system according to Claim 57, wherein 
receiving the at least one piece of identifying information comprises receiving at least one piece 
of identifying information capable of identifying the client to an organization independent of the 
authentication matrix associated with the client (paragraph [0097]; wherein an "organization" is 
anticipated by a Trusted Third Party acting as an administrator of the prior art system). 

28. With respect to claims 74, 82, and 90, Gardner discloses the apparatus, method, and 
computer program for authenticating a user (paragraph [0025], lines 1-7) comprising: 

a processor (paragraph [0025], lines 1-3, Master System) configured to prompt a user 
(paragraph [0025], lines 1-3) for at least one piece of identifying information associated with the 
user (paragraph [0051]), the user being prompted during effectuation of logging in (paragraphs
[0041-0042]), 

wherein the processor is configured to receive the identifying information in response to 
prompting the user (paragraph [0040], be approached by the master system), wherein the 
processor receiving the identifying information invokes an authentication procedure (paragraph 
[0025], lines 1-7), the authentication procedure comprising: 

selecting a set of labels identifying respective elements of an authentication
matrix (paragraph [0027], grid reference system), wherein the authentication matrix
includes a plurality of elements organized in one or more columns and rows each of
which includes a respective header (paragraph [0055], lines 1-5), each element being 
identifiable by a label including a column header and row header that identifies the 
respective column and row of the element (paragraph [0026], whereby the "label" is 
anticipated by Gardner's "grid references" in line 4, and the "element of an authentication 
matrix" is anticipated by Gardner's "particular character"); 

providing the selected set of labels to the user, the set of selected labels including
the column headers and row headers of the respective labels being unknown to the user 
until the set is provided (paragraphs [0061]-[0063], whereby the index within each 
element [m3d2d1m1= Month 3rd, Date 2nd, Date 1st, Month 2nd] is unknown at
the client prior to the user being prompted);

receiving a passcode from the user in response to providing the set of labels 
(paragraph [0026]), the passcode having been formulated based upon the elements 
identified by the provided set of labels (paragraph [0027]); and 

authenticating the user based upon the received passcode (paragraph [0086]). 

29. With respect to claims 75, 83, and 91, Gardner discloses the apparatus, method, and 
computer program according to claims 74, 82, and 90 respectively, wherein the entity is capable 
of prompting the user and receiving the identifying information for each of a plurality of 
instances of logging in, and wherein the entity receiving of the identifying information for each 
instance invoked the authentication procedure such that the set of labels provided for the 
respective instance differs between the set of labels provided for each previous instance
(paragraph [0025], lines 1-7). 

30. With respect to claims 76, 84, and 92, Gardner discloses the apparatus, method, and 
computer program according to claims 75, 83, and 91 respectively, wherein the entity receiving 
of the identifying information of each instance invokes the authentication procedure such that the 
received passcode is unique to the respective instances (paragraph [0025], lines 1-7). 

31. With respect to claims 77, 85, and 93, Gardner discloses the apparatus, method, and 
computer program according to claims 74, 82, and 90 respectively, wherein the entity is capable 
of receiving at least one piece of identifying information such that the authentication procedure 
further comprises: identifying, from a plurality of authentication matrices, the authentication 
matrix associated with the client being authenticated based upon the at least one piece of 
identifying information, the selected set of labels identifying elements of the identified 
authentication matrix (paragraph [101]). 

32. With respect to claims 78, 86, and 94, Gardner discloses the apparatus, method, and 
computer program according to claims 77, 85, and 93 respectively, wherein the at least one piece 
of identifying information received by the entity is capable of identifying the client to an 
organization independent of the authentication matrix (paragraph [0097]; wherein an 
"organization" is anticipated by a Trusted Third Party acting as an administrator of the prior art 
system). 

33. With respect to claims 79, 87, and 95, Gardner discloses the apparatus, method, and
computer program according to claims 74, 82, and 90 respectively, wherein the entity is capable 
of receiving at least one piece of identifying information such that the authentication procedure 
includes receiving a passcode having been formulated further based upon a personal 
identification number (PIN) associated with the client (paragraph [0027]). 

34. With respect to claims 80, 88, and 96, Gardner discloses the apparatus, method, and 
computer program according to claims 79, 87, and 95 respectively, wherein the entity is capable 
of receiving at least one piece of identifying information such that the authentication procedure 
includes receiving a passcode having been formulated including at least one element selected 
from the authentication matrix and the PIN in a predefined position with respect to the selected at 
least one element (paragraph [0070]). 

35. With respect to claims 81, 89, and 97, Gardner discloses the apparatus, method, and
computer program according to claims 74, 82, and 90 respectively, wherein the identifying 
information received by the entity comprises a user name and password associated with the user 
(paragraphs [0041-0042]). 

Response to Arguments 

36. Applicant's arguments filed August 28, 2008, have been fully considered but they are not 
persuasive. 

37. With respect to claim 1, the applicant argues on page 32 that Gardner does not teach or
suggest an apparatus for authenticating a client in which a set of labels including column/row 
headers identifying columns/rows of a matrix including elements from which a passcode is 
formulated are unknown at the client until that set is sent to the client. The applicant further 
argues that in every embodiment of Gardner, the user knows upfront the grid references from 
which the VPIN is derived. It is Gardner's VPIN which anticipated the applicant's passcode. 

The examiner respectfully disagrees with the applicant's arguments. While the Applicant
is correct in their interpretation of Gardner's "grid references may relate to such things as 
Weekday, the Date, the Month the Use number for that day, the Time of day to the last complete 
hour, or indeed any other method of precisely indicating which grid reference applies to a 
particular a specific use" as potentially allowing the user to have knowledge of certain 
column/row headers, that does not preclude Gardner from withholding column/row headers from 
the user until they are sent. The column/row headers which are unknown to the user are 
disclosed by Gardner in an example VPIN in paragraph [0062], where Gardner references a
nested column header in order to produce the proper VPIN, m3d2d1m1= Month 3rd, Date
2nd, Date 1st, Month 2nd. Here the nested column header, which for the first digit of the
VPIN is the third column of the Month element "489", is unknown to the user until being
prompted. The Month element, in this example, "489", can be viewed as a matrix nested within
the Calendar matrix of Gardner. 

Conclusion

38. This is a Request for Continued Examination (RCE) of applicant's earlier Application No. 
10/808,166. All claims are drawn to the same invention claimed in the earlier application and 
could have been finally rejected on the grounds and art of record in the next Office action if they 
had been entered in the earlier application. Accordingly, THIS ACTION IS MADE FINAL 
even though it is a first action in this case. See MPEP § 706.07(b). Applicant is reminded of the 
extension of time policy as set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within TWO 
MONTHS of the mailing date of this final action and the advisory action is not mailed until after 
the end of the THREE-MONTH shortened statutory period, then the shortened statutory period 
will expire on the date the advisory action is mailed, and any extension fee pursuant to 37
CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event,
however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of
this final action. 

39. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to BLAKE RUBIN whose telephone number is (571) 270-3802. 
The examiner can normally be reached on M-R: 8:00-5:00. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ario Etienne can be reached on (571) 272-4001. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would 
like assistance from a USPTO Customer Service Representative or access to the automated 
information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

10/15/08 

/Rubin Blake/ 
Examiner, Art Unit 2457 



/ARIO ETIENNE/ 

Supervisory Patent Examiner, Art Unit 2457 



